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DETAILED ACTION 

1. Claims 1-51 are pending. 

Response to Arguments 

1 . Applicant's arguments with respect to claim 1 have been considered but are moot 
in view of the new ground(s) of rejection, Ricciulli (US Patent No. 6,816,910). 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

3. Claims 1-51 are rejected under 35 U.S.C. 102(e) as being anticipated by Ricciulli 
(US Patent No. 6,816,910). 

Referring to the rejection of claims 1,13, 20, 23-24, and 31, Ricciulli discloses a 
method of protecting a host device from a disruptive event, comprising the steps of: 

receiving a first request from a client for starting a first data connection (See 
Column 1, lines 32-38) 

receiving a second request from the client for starting a second data connection 
(See Column 1, lines 38-45) 

determining whether the first request and the second request have arrived at the 
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host device within a predetermined time interval, the predetermined time interval being 
based on a probability distribution function of the arrival times of previous requests for 
starting data connections received at the host device from a given originating location 
(See Column 5, lines 1-10) 

and responsive to the step of determining, denying the second data connection 
to the client (See Column 5, lines 22-40) 

Referring to the rejection of claims 2,21, and 32, Ricciulli discloses the claimed 
limitation wherein the step of denying further comprises the step of preventing 
transmission of a synchronize message to the client (See Column 7, lines 16-23) 

Referring to the rejection of claims 3 and 33, Ricciulli discloses the claimed 
limitation wherein the step of storing the first request from the client (See Column 5, 
lines 62-63) 

Referring to the rejection of claims 4 and 34, Ricciulli discloses the claimed 
limitation wherein the step of storing an originating address of the client (See Column 5, 
lines 62-63) 

Referring to the rejection of claims 5 and 35, Ricciulli discloses the claimed 
limitation wherein the step of calculating a difference value in the arrival times of the first 
request and second request at the host device for comparing the difference value to the 
predetermined time interval (See Column 5, lines 22-40) 

Referring to the rejection of claims 6 and 36, Ricciulli discloses the claimed 
limitation wherein the step of transmitting a signal to a network control center for taking 
corrective action against the client (See Column 3, lines 44-58) 
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Referring to the rejection of claims 7,37, 41, and 49, Ricciulli discloses the 
claimed limitation wherein the step of barring the client access to the host device by 
downloading from the network control center appropriate commands to the server and 
appropriate commands to specific switching devices in the network (See Column 6, 
lines 1-7) 

Referring to the rejection of claims 8,38,42,50, and 51 Ricciulli discloses the 
claimed limitation wherein the step of signaling the host device to shut down and the 
step of sending commands from the network control center to one or more standby 
servers to take over the processing functions performed by the host device that was 
shut down (See Column 4, lines 47-67) 

Referring to the rejection of claims 9,22, 39, and 43 Ricciulli discloses the 
claimed limitation wherein the step of proceeding with establishment of the second data 
connection if the first request and the second request have arrived at the host device 
outside of the predetermined time interval (See Column 5, lines 22-40) 

Referring to the rejection of claim 10, Ricciulli discloses the claimed limitation 
wherein the step of transmitting a synchronize message to the client (See Column 5, 
lines 1-18) 

Referring to the rejection of claim 11, Ricciulli discloses the claimed limitation 
wherein the step of storing an originating address of the client and the arrival time of the 
second request (See Column 5, lines 62-67) 

Referring to the rejection of claim 12, Ricciulli. discloses the claimed limitation 
wherein the disruptive event is a flooding attack (See Column 1 , lines 46-49) 
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Referring to the rejection of claims 14,25, and 45 Ricciulli discloses the claimed 
limitation wherein the step of denying the request comprises preventing transmission of 
a synchronizing message to the originating address (See Column 7, lines 16-23) 

Referring to the rejection of claims 15,26, and 46 Ricciulli discloses the claimed 
limitation wherein the step of saving the originating address and the arrival time of the 
initializing request (See Column 6, lines 44-53) 

Referring to the rejection of claims 16,27, and 47 Ricciulli discloses the claimed 
limitation wherein the step of denying the request further comprises closing a 
connection for the data transmission session (See Column 1 , lines 49-64) 

Referring to the rejection of claims 17,28, and 48 Ricciulli discloses the claimed 
limitation wherein the step of calculating a difference value in arrival times of the 
initializing request and the previously received initializing request from the originating 
address (See Column 5, lines 22-40) 

Referring to the rejection of claims 18 and 29, Ricciulli discloses the claimed 
limitation wherein the step of transmitting a signal to a network control center 
responsive to the step of denying (See Column 6, lines 54-65) 

Referring to the rejection of claims 19 and 30, Ricciulli discloses the claimed 
limitation wherein the step of monitoring a plurality of data packets arriving at the host 
device so as to generate a probability distribution of the arrival times of a plurality of 
initializing requests from the originating address (See Column 4, lines 27-46) 

Referring to the rejection of claims 40 and 44, Ricciulli discloses a method of 
protecting a host device from a flooding event, comprising the steps of: 
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receiving a first request from a client for starting a first data connection 
(See Column 1 , lines 32-38) 

receiving a second request from the client for starting a second data connection 
(See Column 1, lines 38-45) 

determining whether the first request and the second request have arrived at the 
host device within a predetermined time interval, the predetermined time interval being 
based on a probability distribution function of the arrival times of previous connection 
establishment requests received at the host device (See Column 5, lines 1-10) 

and responsive to the step of determining, signaling a network control center 
(See Column 3, lines 44-58) 

Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Glawitsch (US Patent No. 6,772,334) discloses a system and method for 
preventing denial of service attack in a networked computing environment. 

Lamberton et al. (Pub No. 2001/0042200) discloses a method and system for 
defeating TCP SYN flooding attacks. 

Watson et al. (US Patent No. 6,779,033) discloses a system and method for 
transacting a validated application session in a networked computing environment. 



Application/Control Number: 09/942,396 



Page 7 



Art Unit: 2137 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Courtney D. Fields whose telephone number is 571- 
272-3871 . The examiner can normally be reached on Mon - Thurs. 6:00 - 4:00 pm; off 
every Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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